$3B in Mobile Payments for PayPal This Year But Bigger Prize at Stake

Posted by admin on 24/Jun/2011 in In The News | 0 comments

PayPal’s mobile payments business is now expected to do $3 billion in volume this year, double what the company predicted last fall, and up from $2 billion forecasted in April.

PayPal said it’s seeing $10 million a day in total mobile payment volume, up from $6 million in March. That’s a huge ramp-up and suggests PayPal is finding success in facilitating online payments through mobile phones, which is an extension of its existing business. But it doesn’t address where PayPal needs to go in the future: mobile payments for offline goods. Offline, real-world payments are a much bigger opportunity, representing more than 90 percent of current transactions. That’s where PayPal is looking to shift, but right now, the bulk of its business is still online.

Read Full Article On Gigaom.com

RSA 2011 Cybercrime Trends Report

Posted by admin on 1/Feb/2011 in Press Releases, Security Alert Log | 0 comments

This is a very important article/whitepaper that was published recently by RSA. It explicitly points to mobile phones being a security problem and makes specific mention of SMS and mobile banking being vulnerable.

The Current State of Cybercrime and What to Expect in 2011

Cybercrime continues to show no signs of slowing down. In fact, 2010 marked a year of several new threats and an increased level of sophistication in the attacks witnessed around the globe. As the new decade opens, cybercrime is diverging down a different path as cyber attacks move beyond the financial services industry and malware makes a shift from targeting consumer desktops to employees in the enterprise.

The RSA Anti-Fraud Command Center (AFCC ) has developed a list of the top cybercrime trends it expects to see evolve over the course of 2011.

The RSA Anti-Fraud Command Center is on the forefront of new threat detection and cybercrime intelligence, achieving several milestones including the shutdown of over 350,000 online attacks across 181 countries and launching the first commercial anti-phishing and anti-Trojan services in the industry.

In this white paper, RSA will review the current state of cybercrime based on what we witnessed in the last twelve months and provide a series of predictions on what to expect from cybercriminals in 2011.

Read the full article (PDF Format) as published by RSA on their web site (free registration required)

SMS Bank Tokens Vulnerable: RSA

Posted by admin on 26/Jan/2011 in Security Alert Log | 0 comments

I read a nice article today on zdnet.com.au. It is becoming clearer by the day that criminals are beginning to target the mobile device as an access point to user data.

The following in an excerpt from the article.

Mobile phone attacks will increase this year as criminals attempt to intercept SMS-based authentication tokens, according to security company RSA.

The tokens are designed to complement username and password log-in checks by requiring users to validate payments with unique numerical codes, in this instance sent by SMS.

It is becoming more popular, and the Commonwealth Bank of Australia claims to have 80 per cent of its customer base using tokens to validate third-party payments via SMS or through safer handheld token-number generators. The bank isn’t forcing customers to use it, but those who don’t will not be permitted to carry out high-risk transactions over NetBank.

RSA said in a 2011 predictions report that sending tokens via SMS will make phones a target.

“The use of out-of-band authentication SMS … as an additional layer of security adds to the vulnerabilities in the mobile channel,” the company said in its report.

“A criminal can … conduct a telephony denial-of-service attack which essentially renders a consumer’s mobile device unavailable.

“SMS forwarding services are also becoming mainstream in the fraud underground and enable the [token] sent by a bank via text to a user’s mobile phone to be intercepted and forwarded directly to the cyber criminal’s phone.”

Read the article in full on zdnet.com.au

CellTrust Secure SMS Continues to be Secure, While Many Wireless Banks’ Apps Were Exposed to Security Flaws

Posted by admin on 22/Nov/2010 in Press Releases, Security Alert Log | 0 comments

Company says Secure SMS users’ information is safe and secure because of product architecture

SCOTTSDALE, ARIZONA, USA – November 22, 2010 – CellTrust Corporation, the recognised leader in mobile secure messaging and secure applications for mobile phones (www.celltrust.com), today announced that CellTrust’s mobile banking product, which is being piloted outside of the U.S., is based on SecureSMS Secure Mobile information management (SMIM) architecture and is not affected by security flaws that were recently published in a Wall Street Journal article. The article stated that a number of top financial companies and banks, such as Wells Fargo & Co., Bank of America Corp. and USAA, are rushing to develop updates to fix security flaws in wireless banking applications that could allow a computer criminal syndicates to obtain sensitive data like usernames, passwords and financial information.

“This is not the first time that mobile banking applications have been vulnerable to security flaws, and we do not believe it will be the last time,” said Sean Moshir, CEO and Chairman of CellTrust. “The issue with the banking apps mentioned in The Wall Street Journal article is that personal information about the wireless subscriber, such as the user name and password to a bank account, is being stored in the mobile device, which could give a cybercriminal full access to a person’s financial accounts. Storing the password in the memory of the handset is a fundamental mistake in the design of the apps and the security architecture. Furthermore, apps that store passwords in the memory of the handset or send it across the network are not compliant with financial industry regulations or best practices.”

Moshir continued, “CellTrust developed its SecureSMS platform from the ground-up, with security architecture in mind, and continues to provide a safe and secure environment for the exchange of sensitive information. A key difference with SecureSMS is that CellTrust uses the mobile command channel for communication, rather than the data channel which was used for these particular mobile banking apps. It is critical and added security for mobile banks apps to perform the actual transaction or user authentication out of band.” (more…)

SMS Harvesting Mobile Virus Targeting Banks

Posted by admin on 5/Oct/2010 in Security Alert Log, Trojans | 0 comments

I came across an interesting article this morning on the SC Magazine web site this morning so I thought I’d share a brief excerpt and a link to the full article.

Bank log-in details could be targeted, say security experts.

Security experts are warning of a variant of the Zeus banking trojan that attacks mobile phones and can bypass the two-stage verification system used by some banks.

Zeus Mitmo is previously unknown malware that is designed to intercept the confirmation SMS sent out by some banks as part of the online log-in process, according to Spanish security company S21sec.

Read the full article on the SC Magazine web site.

CellTrust Prepares NFC Provisioning APIs Using SecureSMS for Carriers and Banks as NFC Technology Rollout Begins in 2011

Posted by admin on 25/Aug/2010 in Press Releases | 1 comment

CellTrust Removes Major Obstacle for Mobile Operators and Banks by Delivering OTA (Over-The-Air) NFC Configuration and Provisioning

SCOTTSDALE, ARIZONA, USA – August 25, 2010 – CellTrust Corporation, the world’s largest provider of SecureSMS for mobile phones (www.celltrust.com), announced today that it is preparing patent-pending, NFC-provisioning APIs using SecureSMS, in anticipation of NFC technology rollout beginning in early 2011.

NFC (Near Field Communication) is a short-range wireless communication standard that bundles a contactless chip with a contactless reader inside the mobile device. With NFC technology, consumers can simply wave or tap their phone within a few inches of a reader to transfer information to their mobile phone or to complete a mobile payment or transaction.

Designed to make life much easier for the end-user, provisioning NFC will require the carrier to send sensitive and confidential information to the mobile subscriber’s handset. While a few methods exist to provision NFC, CellTrust believes SMS is the optimal choice because it uses the mobile communications control channel, which is separate from voice and data and operates regardless of the voice or data being used. The control channel has high resiliency, low bandwidth requirements and was designed for carriers to send specific commands and instructions to the handset via SMS. It is important to note that standard SMS is not secure and can be spoofed. Provisioning NFC with CellTrust’s SecureSMS APIs addresses spoofing with a fully authenticated, government-grade, highly encrypted, tamper-proof process, which also enables message sizes up to 5,000 characters.

(more…)

Yep, Apparently You Can Rob Banks with your Nokia 1100!

Posted by admin on 22/May/2009 in Security Alert Log | 0 comments

I was emailed a link to an article from one of our readers this morning confirming that yep you can rob banks with your Nokia 1100. Now I might be sensationalising things a little bit with my post, but read the full article posted on PCworld and you’ll realise that this is serious stuff.

Now if you were using SecureSMS from Celltrust to communicate with your bank or something similar issues like this could more than likely be avoided.

Rob Banks With Your Nokia 1100 – Forget the Getaway Car and Gun!

Posted by admin on 21/Apr/2009 in Security Alert Log | 2 comments

Loads of European banks provide their mobile banking customers with a list of sequential numbers and random requested checksums on a pice of paper or card. Without access to this physical list an attacker might be able to gain access to the banks online GUI but won’t be able to complete a fund transaction. This is a fairly secure method but carrying the piece of paper or card can be a bit cumbersome.

So think about it for a second, what’s more convenient and is always with you? Yep, your mobile phone. (more…)

CellTrust Honoured as One of 2008 Comerica Bank Arizona Companies to Watch

Posted by admin on 14/Oct/2008 in Awards, Press Releases | 0 comments

2008 an award winning year for CellTrust SecureSMS

Scottsdale, Arizona, October 14, 2008 – CellTrust Corporation (www.celltrust.com), a leading provider of secure mobile messaging and applications, has been recognized as one of the 2008 Comerica Bank Arizona Companies to Watch. CellTrust will be receiving its fourth award this year when it is honoured at an awards ceremony during the second annual Comerica Bank Arizona Companies to Watch event, Nov. 11 at the Phoenix Convention Centre from 6-9 p.m. In addition, five companies will receive the Spotlight Awards in the following areas: Company Culture, Customer Service, Change/Innovation, Community and Commerce at the event.

“Comerica Bank Arizona Companies to Watch awardees are one of the reasons that Arizona leads the country in economic growth. Through the efforts of great employees who deliver innovative products and services, these companies are growing at over four times the national average!” says Joan Koerber-Walker, CEO of the Arizona Small Business Association. “ASBA is proud to be supporting this growing community of excellent companies. It’s about time they got the recognition they so richly deserve,” Koerber-Walker adds.

CellTrust provides a Secure SMS Gateway, which enables organizations to exchange critical information in a trusted environment on the mobile device with end-to-end privacy via a highly encrypted, tamper-proof process. The sender also has the ability to confirm when text messages are delivered and/or read. (more…)

First Purely Mobile Bank Licenses CellTrust’s SecureSMS for Safe Mobile Transactions

Posted by admin on 1/Apr/2008 in Application Watch, Press Releases | 0 comments

mobe, Inc. Enables Users to Conduct Critical Business While On-The-Go

CTIA Wireless, Las Vegas – April 1, 2008 – CellTrust™ Corporation (www.celltrust.com), the leading secure mobile information management and delivery provider, today announced that mobe, Inc., has selected CellTrust’s Global SecureSMS™ Gateway to ensure the secure transmission of SMS messages for payments, commerce, banking and other confidential content to and from its network of mobile bank account holders. mobe, Inc., in conjunction with University Bank, is a leader in mobile banking, mobile payments, merchant services, global remittance and banking security.

SecureSMS Gateway allows businesses to exchange critical information with customers in a trusted environment on the mobile device. Setting itself apart from consumer-grade SMS, CellTrust’s SecureSMS Gateway gives the message sender the ability to confirm when text messages are delivered and/or read via a highly encrypted, tamper-proof transfer process with no size limitations along with remote wipe functionality that ensures users can wipe the handset if it is lost or stolen.

As mobile consumers across all regions and age segments gain confidence in sending messages to friends and loved ones via text message, the trend of conducting more sophisticated and personal content will continue to rise. The increasing use of mobile devices to transfer funds between bank accounts and other important activities will become the standard of the industry in the near future, and CellTrust is providing the mobile industry with Secure SMS solutions that make high risk messages secure and safe from being read by others or tampered with during transmission. (more…)